Plugin Gazeta News – Gazeta da Ilha Security & Risk Analysis

wordpress.org/plugins/gazeta-news

Este widget lhe permite manter seu site sempre atualizado com as principais noticias do Portal Gazeta da Ilha

10 active installs v0.3 PHP + WP 3.0.1+ Updated Mar 1, 2013
gazertanoticiassao-luis
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Plugin Gazeta News – Gazeta da Ilha Safe to Use in 2026?

Generally Safe

Score 85/100

Plugin Gazeta News – Gazeta da Ilha has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 13yr ago
Risk Assessment

The "gazeta-news" v0.3 plugin exhibits a concerning security posture primarily due to a complete lack of output escaping. While the static analysis reveals no directly exploitable attack surface points like unprotected AJAX handlers, REST API routes, or shortcodes, and no dangerous functions or file operations are present, the absence of output escaping for all 17 identified outputs is a significant vulnerability. This means that any data displayed to users, including potentially user-provided content or data from external sources, is not being properly sanitized, opening the door for Cross-Site Scripting (XSS) attacks. The taint analysis is inconclusive due to zero flows analyzed, but the output escaping issue is a concrete and serious risk. The plugin's vulnerability history is clean, which is a positive indicator. However, this historical lack of issues does not mitigate the immediate and severe risk posed by the unescaped output in the current version. The plugin's strengths lie in its limited attack surface and the use of prepared statements for SQL queries. The primary weakness is the pervasive lack of output escaping, which creates a high risk of XSS vulnerabilities.

Key Concerns

  • All outputs are unescaped
Vulnerabilities
None known

Plugin Gazeta News – Gazeta da Ilha Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Plugin Gazeta News – Gazeta da Ilha Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

Plugin Gazeta News – Gazeta da Ilha Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
17
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped17 total outputs
Attack Surface

Plugin Gazeta News – Gazeta da Ilha Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 1
actionwidgets_initgazetailhanews-widget.php:254
Maintenance & Trust

Plugin Gazeta News – Gazeta da Ilha Maintenance & Trust

Maintenance Signals

WordPress version tested3.4.2
Last updatedMar 1, 2013
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

Plugin Gazeta News – Gazeta da Ilha Developer Profile

erick.pessoa

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Plugin Gazeta News – Gazeta da Ilha

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gazeta-news/GINews.css

HTML / DOM Fingerprints

CSS Classes
websisti_GINewsginp_noticiasnoticiatitulocategoriadatacopyrighthgazetaTopo
Data Attributes
id="websisti_GINewsWidget-widgets"name="numberposts"name="show_on"
FAQ

Frequently Asked Questions about Plugin Gazeta News – Gazeta da Ilha